Special handling of priv-apps in Zygote.
If pm.dexopt.priv-apps is set to false, disable verifier and
only allow loading oat files from system.
bug: 30972906
bug: 63920015
Test: works as expected when pm.dexopt.priv-apps is true or false
Change-Id: Ib9e80c9b7b4106e82c0b9d1c7fbb8065c190ac1f
diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java
index e159495..ec12c0d 100644
--- a/core/java/com/android/internal/os/Zygote.java
+++ b/core/java/com/android/internal/os/Zygote.java
@@ -51,6 +51,11 @@
/** Make the code Java debuggable by turning off some optimizations. */
public static final int DEBUG_JAVA_DEBUGGABLE = 1 << 8;
+ /** Turn off the verifier. */
+ public static final int DISABLE_VERIFIER = 1 << 9;
+ /** Only use oat files located in /system. Otherwise use dex/jar/apk . */
+ public static final int ONLY_USE_SYSTEM_OAT_FILES = 1 << 10;
+
/** No external storage should be mounted. */
public static final int MOUNT_EXTERNAL_NONE = 0;
/** Default external storage should be mounted. */
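Review bot: The Javadoc on `DISABLE_VERIFIER` names the effect but not the condition under which it is safe to set, and that condition is the security-relevant part of the flag. Going by the commit description, it is meant to be used together with `ONLY_USE_SYSTEM_OAT_FILES` for code on the system partition, so I would write `/** Turn off the verifier. Only for processes whose code integrity is guaranteed by other means; set together with {@link #ONLY_USE_SYSTEM_OAT_FILES}. */`. The second comment has a stray space in `dex/jar/apk .`. It should also say what "otherwise" refers to, for example `/** Only use oat files located in /system; if none is usable, run from the dex/jar/apk instead. */`. The runtime presumably decodes bits 9 and 10 in native code that is not in this diff, so a one-line pointer to where these values are mirrored would help keep the two in sync.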
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index c699a56..b7144d4 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -3871,6 +3871,12 @@
mNativeDebuggingApp = null;
}
+ if (app.info.isPrivilegedApp() &&
+ !SystemProperties.getBoolean("pm.dexopt.priv-apps", true)) {
+ runtimeFlags |= Zygote.DISABLE_VERIFIER;
+ runtimeFlags |= Zygote.ONLY_USE_SYSTEM_OAT_FILES;
+ }
+
String invokeWith = null;
if ((app.info.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
// Debuggable apps may include a wrapper script with their library directory.
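Review bot: The added condition tests only `app.info.isPrivilegedApp()` and the property, not where the app's code currently lives. If a privileged app that has been updated into /data still reports as privileged (not visible in this hunk, worth confirming), it would start with `DISABLE_VERIFIER` while running code that is not on the system partition. Consider also requiring `(app.info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) == 0`, or state in a comment why the updated case is safe. A short why-comment above the `if` would help either way, for example `// Priv-apps that are not dexopt'ed run from /system; skip verification and refuse oat files from elsewhere.` It may also be worth checking how the runtime treats dex files the process loads dynamically when the verifier is off. The enclosing method starts and ends outside this hunk.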